Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Security warning in Access

Mrs_Kohls

Posted 27 October 2006 - 11:20 AM

Mrs_Kohls

New Member

Member

9 posts

[size=3]I'm hoping someone on here knows how to get rid of my warning/error messages in Access. I typed in a bunch of addresses for like invitations/christmas cards, and every time that I try to open Access, I get the first warning which mentions blocking scripts for safety measures. Then when I try to open the address book file, I get another message which says: "This file may not be safe if it contains code that was intended to harm your computer...Do you want to open the file or cancel the operation?" After which if you tell it that you want to open the file, it may or may not open it for you. Sometimes you have to restart the program multiple times to finally get access to the database.

Is there any way to get rid of the messages? And make it so that my file opens every time without a hitch? I'm tired of wondering if I'm just going to get a blank database with the same name or if my file is actually going to open. Also, as a side note, I went to the effort of retyping the addresses from scratch to see if that would help, but it doesn't.

Mrs_Kohls

Posted 27 October 2006 - 02:39 PM

Mrs_Kohls

New Member

Topic Starter

Member

9 posts

Ok, I was going through the instructions, knowing that they were for Office 2000, figuring it was probably the same process for my 2003 Suite, but apparently it isn't. So do you know how to sign a VBA certificate on Office 2003? Because after reading the help page, that is what I decided that I needed to do...right? Though it made it sound as though this was a process for corporations that would send them to various employees and back again. I've only got that one Access database, and I'm the only one who would be using it, so if there is something else I should do instead, let me know.

Jrenter2

Posted 27 October 2006 - 03:26 PM

Jrenter2

Member

Member

435 posts

Hi Mrs_Kohls,

Yes, you will need the VBA Digital Certificate. You may want to print this out to follow along. I have had to do this myself, so I know that this will work. The major point of interest is approx. half way down these instructions. If you have any questions about this after doing it, let me know and I will help you with it.

Application Note 110Security Warnings in Office 2003

Microsoft has been tightening up security in its Office applications to help you from accidentally opening up an application with malicious VBA code. This added security may, by default, cause difficulties when you try to open the MS Access front end for PawCom or when you try to use a product that opens an MS Excel spreadsheet, such as the Price Changer for Peachtree or the Inventory Adjuster for Peachtree. This application note discusses how you can deal with Office security.

Security Levels

If you get a message “Security Warning: Unsafe expressions are not blocked”, then your computer does not have Microsoft Jet 4.0 Service Pack 8 (SP8) or later installed. In that case you should install SP8. The rest of this note assumes that you have SP8 or later installed.

Microsoft has implemented for levels of security, which they describe as follows:

o Very high. Only macros installed in trusted locations will be allowed to run. All other signed and unsigned macros are disabled. (This level doesn’t appear in MS Access.)o High. Only signed macros from trusted sources will be allowed to run. Unsigned macros are automatically disabled.o Medium. You can choose to run potentially unsafe macros.o Low (not recommended). You are not protected from potentially unsafe macros. Use this setting only if you have virus scanning software installed, or you have checked the safety of all documents you open.

You can modify the security setting in any of the Office applications by going to the menu bar and selecting Tools : Macros : Security.

So what does all this mean? When Microsoft says “macro” they mean essentially VBA code. If you have ANY code modules defined in your application then the security check is triggered. Since the MS Access front end for PawCom contains lots of VBA code, it will always trigger the security check. If you are opening an MS Excel spreadsheet and have added some VBA code, that will also trigger the security check.

Note: If you are trying to open an Excel spreadsheet and you don’t think it has any VBA code in it, you may have accidentally created a code module that is empty. The security check is triggered by the presence of modules even if they don’t contain any code. You can get around this problem by simply deleting the module.

If the security level is set to high, the security check will display the following if you have VBA code:

If the security level is set to medium, the security check will display the following if you have VBA code:

If you click Cancel, MS Access is put in sandbox mode, where it will not run code expressions that are considered potentially dangerous because they could be used by maliciously written code to access drives, files, or other resources for which they do not have authorization. For the PawCom MS Access front end, this will prevent it from doing performing most of its useful functionality. If you click Open then the PawCom application will run normally.

If the security level is set to low, you won’t see any security warning and the application will run normally.

The security checking is really designed to protect you against running dangerous applications that you have downloaded or that you have installed with some product you may not trust. For applications that you are developing you already trust the application because it is yours, so these security messages are just an annoyance.

So what can you do to prevent the security messages from popping up every time you run the application? The easiest thing to do is to set the security level to low. However, this is not a very safe thing to do because Office will use this security level for ALL applications of the same type it runs. You may trust an Access application you are working on, but do you want to trust all other Access applications on your system? A better approach is to digitally sign the application.

Digital Signatures

A digital signature on an application containing VBA code is like a wax seal on an envelope – it confirms that the file originated from the entity who signed it and that the code in the file has not been altered by anyone else. For High or Medium security settings a file signed by a trusted entity will be opened without any security settings. Microsoft Office 2003 uses Microsoft Authenticode technology to enable you to digitally sign a file or VBA project by using a digital certificate.

Note that a digital signature does not apply to the entire database of an Access application. It covers only those parts of the database that could be modified to do malicious things, such as VBA code, macros, action queries, SQL pass-through queries, data definition queries, the ODBC connection string in queries, and properties of ActiveX controls. If any of these are modified after you sign the application, the digital signature will be removed and the files will not open under Medium or High security.

There are essentially three ways to obtain a digital certificate:

• Create a digital certificate for your own use. Such a certificate would only be used to sign an application for your own use or for sharing within a small workgroup.• Obtain a digital certificate from your organization’s internal certification authority. Some organizations may choose to have a security administrator or group act as its own certification authority and produce and distribute digital certificates by using tools such as Microsoft Certificate Server.• Obtain a digital certificate from a commercial certification authority such as VeriSign, Inc.

For typical users of Multiware products the first option makes the most sense. You can easily modify the application and update the digital signature youself.

Note: Since a digital signature becomes invalid as soon as you have made any significant change to the application, Multiware does not bother signing the original PawCom Access front end.

Creating a Digital Certificate for your own use

To create a digital certificate for your own use, you run the Create Digital Certificate utility (selfcert.exe) and enter information about yourself that will be stored in the certificate. Because a digital certificate created in this fashion isn’t issued by a formal certification authority, it is called a self-signed certificate and VBA projects that are signed by using such a certificate are referred to as self-signed projects.

Search your system for the utility Selfcert.exe. It will be installed in the same folder where Office applications, which by default is something like c:\Program Files\Microsoft Office 2003\Office. If the utility isn’t installed on your system, install it as follows:

1. In the Control Panel, double-click Add/Remove Programs.2. On the Install/Uninstall tab click Microsoft Office 2003 and then click Add/Remove.3. In the Microsoft Office Maintenance Mode dialog box click the Add or Remove Features button.4. Expand Office Tools and set Digital Signature for VBA Projects to Run from My Computer.5. Click Update Now. Selfcert.exe will be installed.

To create a self-signed digital certificate:

1. Run Selfcert.exe from My Computer or Windows Explorer.2. In the Your certificate’s name box, type an appropriate description for thecertificate you want to create, then click OK.

Selfcert.exe will create and install a self-signed certificate that you can use to sign VBA projects on the current computer. To create a self-signed certificate to use on another computer, run Selfcert.exe on that computer.

When you sign a VBA project by using a self-signed certificate and if security is set to Medium or High, the first time you open the document containing the signed VBA project the Security Warning dialog box is displayed indicating that the certificate used to sign the VBA project hasn’t been issued by a certification authority and shouldn’t be trusted. Obviously you can safely trust a VBA project you have signed yourself by using a self-signed certificate, and if you do so the Security Warning dialog box won’t be displayed the next time you open the application.

Signing Your VBA Project

Once you have your digital certificate installed you can sign the VBA project associated with an MS Access application. You may want to sign the project after you have developed and tested the application because any time code in a signed VBA project is modified in any way, its digital signature is removed.

To digitally sign your VBA project:

1. Open the application you want to sign.2. Open the Visual Basic Editor.3. On the Tools menu, click Digital Signatures.4. Do one of the following:• If you haven’t previously selected a digital certificate, or want to use another one, click Choose, select the certificate, and click OK twice.• Click OK to use the current certificate.

Note: If the application has been signed previously, clicking Choose and selecting a new digital certificate replaces the previous signature. To remove a signature from a previously signed project, click Remove.